
Best of vulnerability management 2013

Readers pick the top vulnerability management products in 2013: Network vulnerability scanners, patch management, reporting, remediation, compliance.

Gold winner: Shavlik Protect, LANDesk Software

Among the highest scores for any category of Reader's Choice this year went to LANDesk Software's Shavlik Protect. The product, acquired from VMware after our survey was already underway, was listed as vCenter Protect, its name prior to the acquisition. Generally speaking, users know it as Shavlik, for the company that originally created the product before that company was acquired by VMware in 2011, so there's a certain logic to LANDesk's name reversion.

Those high marks from readers were for the breadth of applications and devices the product covered, as well as for its accuracy in identifying vulnerabilities in a timely manner. The Shavlik Protect product line enables customers to effectively manage, monitor and secure their IT environments. It includes centralized patch management and asset inventory for Microsoft Windows and third-party applications (for both virtual and physical machines); centralized antivirus, power management and IT scripting; and the ability to leverage a single Microsoft System Center Configuration Manager workflow to deploy updates and patches for both Microsoft and non-Microsoft applications in a Windows environment.

Expert market reflection on category dynamics:

"Vulnerability scan of a single system is very simple. However, vulnerability assessments of a 10,000 node network often become an exercise in frustration, organizational politics and sometimes just sheer esoterica. Still, this pales in comparison to the task of remediating these vulnerabilities—this is where the real, hardcore challenges are for today's enterprises. Knowing what to fix first, applying patches effectively, and repeating this process, continuously, for all vulnerable applications and OS components, without breaking things is devilishly hard."

-- Dr. Anton Chuvakin, research director, Gartner

Silver winner: QualysGuard Vulnerability Management, Qualys, Inc.

QualysGuard Vulnerability Management (VM) grabbed silver after gaining solid praise from readers for identifying vulnerabilities in a timely manner, accurately and effectively. The cloud-based service scored high marks for its scalability and vendor service and support. Readers also liked its comprehensive and flexible reports and said that it was easy to install, configure and administer. QualysGuard VM provides automated network auditing and vulnerability management, including network discovery and mapping, asset prioritization, vulnerability assessment reporting and remediation tracking.

Bronze winner: Nessus Vulnerability Scanner, Tenable Network Security

Readers awarded the bronze to the Tenable Nessus Vulnerability Scanner, giving the product high scores for its ability to accurately identify vulnerabilities in a timely manner. One respondent said that "'Wow' is too small a word to use. Third-party tools are required in some instances, but it is rock solid." Nessus also scored well for the breadth of applications and devices it covers. The product provides agentless auditing of configurations, with more than 55,000 vulnerability and configuration checks.

This was last published in October 2013
